[SGVLUG] OpenSSH sftp and rssh

John E. Kreznar jek at ininx.com
Wed Apr 5 16:10:20 PDT 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

James Neff <jneff at tethyshealth.com> writes:

> The sFTP services work by themselves just fine.  I can login and
> transfer files using an sFTP client.  My problem is when I try to chroot
> it (either with rssh or the chroot patch for OpenSSH).  I cannot connect
> when I follow any of the instructions that I've seen so far.  If I go
> back to plain 'ole sFTP without trying to jail the user then it does
> work.  But I want to be able to restrict the user to their home directory.

This is an amplification on my response of March 29.  It seems that
the "subsystem login" feature of login(1) is what you need.  From the
man page:

       A subsystem login is indicated by the presence of a "*" as the
       first character of the login shell.  The given home directory
       will be used as the root of a new file system which the user is
       actually logged into.

> Anyone have any experiences with this?

I experimented with it once years ago and got it working just fine.
Please let us know whether it's what you needed.

- -- 
 John E. Kreznar jek at ininx.com 9F1148454619A5F08550 705961A47CC541AFEF13
 To "reverse engineer" something is to come to comprehend it, so what a
EULA really does is to forbid comprehension.  For this they charge money?!

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.8 <http://mailcrypt.sourceforge.net/>

iD8DBQFENE5YYaR8xUGv7xMRAlK0AJ9HkRqjVez1TGX0hdVTAYi1USO5BACeNkFM
FfYwMrU8h+ed7sS7CULeoA0=
=8/sM
-----END PGP SIGNATURE-----
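
The man page excerpt quoted in the message above describes the marker: a "*" as the first character of the login shell, with the home directory becoming the new root. The following is an added example, not part of the original message or of login(1) itself: a small audit that lists such passwd(5) entries and the directory each would be jailed into. The function name, the sample passwd lines and the two sanity checks (absolute home, home not equal to /) are assumptions made for illustration.

```python
import posixpath

# Constructed sample passwd(5) content; none of these accounts come from the thread.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
jneff:x:1001:1001:ordinary user:/home/jneff:/bin/bash
sftpjail:x:1002:1002:jailed user:/srv/jail/sftpjail:*
badrel:x:1003:1003:relative home:srv/jail/badrel:*
nojail:x:1004:1004:root as home:/:*/bin/sh
"""

def find_subsystem_logins(passwd_text):
    """Return (user, new_root, problems) for each entry whose shell starts with '*'."""
    results = []
    for line in passwd_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            continue  # not a well-formed passwd entry; skipped by this audit
        user, _pw, _uid, _gid, _gecos, home, shell = fields
        if not shell.startswith("*"):
            continue  # ordinary login shell, not a subsystem login
        problems = []
        if not home.startswith("/"):
            # Assumption: a usable new root must be given as an absolute path.
            problems.append("home is not an absolute path")
        elif posixpath.normpath(home).strip("/") == "":
            # The new root would be the real root, so nothing is restricted.
            problems.append("home is /, new root equals the real root")
        results.append((user, home, problems))
    return results

if __name__ == "__main__":
    for user, new_root, problems in find_subsystem_logins(SAMPLE_PASSWD):
        status = "; ".join(problems) if problems else "ok"
        print(f"{user}: new root {new_root!r}: {status}")
```

To audit a live system, pass the contents of /etc/passwd to `find_subsystem_logins` instead of the sample string.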


